
Information Security
Principles and Practice
Mark Stamp (Author)
Wiley (Publisher)
1st Edition
Published on 1 September 2005
Book
Hardback
416 pages
978-0-471-73848-0 (ISBN)
Item out of print; check for reprint
Description
Your expert guide to information security
As businesses and consumers become more dependent on complex multinational information systems, the need to understand and devise sound information security systems has never been greater. This title takes a practical approach to information security by focusing on real-world examples. While not sidestepping the theory, the emphasis is on developing the skills and knowledge that security and information technology students and professionals need to face their challenges. The book is organized around four major themes:
* Cryptography: classic cryptosystems, symmetric key cryptography, public key cryptography, hash functions, random numbers, information hiding, and cryptanalysis
* Access control: authentication and authorization, password-based security, ACLs and capabilities, multilevel and multilateral security, covert channels and inference control, BLP and Biba's models, firewalls, and intrusion detection systems
* Protocols: simple authentication protocols, session keys, perfect forward secrecy, timestamps, SSL, IPSec, Kerberos, and GSM
* Software: flaws and malware, buffer overflows, viruses and worms, software reverse engineering, digital rights management, secure software development, and operating systems security
Additional features include numerous figures and tables to illustrate and clarify complex topics, as well as problems, ranging from basic to challenging, to help readers apply their newly developed skills. A solutions manual and a set of classroom-tested PowerPoint® slides will assist instructors in their course development. Students and professors in information technology, computer science, and engineering, and professionals working in the field will find this reference most useful to solve their information security issues.
Reviews / Votes
"...presents information security concepts and practices insightfully in an easily comprehensible style...Although primarily intended as a college course resource, this book will appeal also to many security professionals. Highly recommended." (CHOICE, April 2006)
"The book is well suited for beginners, and contains enough introductory material on a variety of topics." (Computing Reviews.com, January 9, 2006)
Edition
1st edition
Language
English
Place of publication
New York
United States
Publishing group
John Wiley and Sons Ltd
Target group
Professional and scholarly
Illustrations
Illustrations
Dimensions
Height: 24.3 cm
Width: 16 cm
Thickness: 24 mm
Weight
683 g
ISBN-13
978-0-471-73848-0 (9780471738480)
Other editions
New editions

Book
05/2011
2nd Edition
Wiley
€123.80
Item out of print; check for reprint
Additional editions

E-Book
10/2005
Wiley
€73.99
Available for download
Person
MARK STAMP, PHD, is Professor of Computer Science, San José State University, where he teaches undergraduate and graduate-level information security courses. In addition to his experience gained in private industry and academia, Dr. Stamp has seven years' experience working as a cryptanalyst at the U.S. National Security Agency.
Content
Preface.
About The Author.
Acknowledgments.
1. Introduction.
1.1 The Cast of Characters.
1.2 Alice's Online Bank.
1.3 About This Book.
1.4 The People Problem.
1.5 Theory and Practice.
1.6 Problems.
I. CRYPTO.
2. Crypto Basics.
2.1 Introduction.
2.2 How to Speak Crypto.
2.3 Classic Crypto.
2.4 Modern Crypto History.
2.5 A Taxonomy of Cryptography.
2.6 A Taxonomy of Cryptanalysis.
2.7 Summary.
2.8 Problems.
3. Symmetric Key Crypto.
3.1 Introduction.
3.2 Stream Ciphers.
3.3 Block Ciphers.
3.4 Integrity.
3.5 Summary.
3.6 Problems.
4. Public Key Crypto.
4.1 Introduction.
4.2 Knapsack.
4.3 RSA.
4.4 Diffie-Hellman.
4.5 Elliptic Curve Cryptography.
4.6 Public Key Notation.
4.7 Uses for Public Key Crypto.
4.8 Public Key Infrastructure.
4.9 Summary.
4.10 Problems.
5. Hash Functions and Other Topics.
5.1 What is a Hash Function?
5.2 The Birthday Problem.
5.3 Non-cryptographic Hashes.
5.4 Tiger Hash.
5.5 HMAC.
5.6 Uses of Hash Functions.
5.7 Other Crypto-Related Topics.
5.8 Summary.
5.9 Problems.
6. Advanced Cryptanalysis.
6.1 Introduction.
6.2 Linear and Differential Cryptanalysis.
6.3 Side Channel Attack on RSA.
6.4 Lattice Reduction and the Knapsack.
6.5 Hellman's Time-Memory Tradeoff.
6.6 Summary.
6.7 Problems.
II. ACCESS CONTROL.
7. Authentication.
7.1 Introduction.
7.2 Authentication Methods.
7.3 Passwords.
7.4 Biometrics.
7.5 Something You Have.
7.6 Two-Factor Authentication.
7.7 Single Sign-On and Web Cookies.
7.8 Summary.
7.9 Problems.
8. Authorization.
8.1 Introduction.
8.2 Access Control.
8.3 Multilevel Security Models.
8.4 Multilateral Security.
8.5 Covert Channel.
8.6 Inference Control.
8.7 CAPTCHA.
8.8 Firewalls.
8.9 Intrusion Detection.
8.10 Summary.
8.11 Problems.
III. PROTOCOLS.
9. Simple Authentication Protocols.
9.1 Introduction.
9.2 Simple Security Protocols.
9.3 Authentication Protocols.
9.4 Authentication and TCP.
9.5 Zero Knowledge Proofs.
9.6 The Best Authentication Protocol?
9.7 Summary.
9.8 Problems.
10. Real-World Security Protocols.
10.1 Introduction.
10.2 Secure Socket Layer.
10.3 IPSec.
10.4 Kerberos.
10.5 GSM.
10.6 Summary.
10.7 Problems.
IV. SOFTWARE.
11. Software Flaws and Malware.
11.1 Introduction.
11.2 Software Flaws.
11.3 Malware.
11.4 Miscellaneous Software-Based Attacks.
11.5 Summary.
11.6 Problems.
12. Insecurity in Software.
12.1 Introduction.
12.2 Software Reverse Engineering.
12.3 Software Tamper-resistance.
12.4 Digital Rights Management.
12.5 Software Development.
12.6 Summary.
12.7 Problems.
13. Operating Systems and Security.
13.1 Introduction.
13.2 Operating System Security Functions.
13.3 Trusted Operating System.
13.4 Next Generation Secure Computing Base.
13.5 Summary.
13.6 Problems.
Appendices.
A-1 Networking Basics.
A-2 Math Essentials.
A-3 DES S-boxes.
Annotated Bibliography.
Index.